Описание
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue.
Уязвимые конфигурации
Конфигурация 1Версия до 2.10.0 (исключая)
cpe:2.3:a:samlify_project:samlify:*:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00042
Низкий
7.5 High
CVSS3
Дефекты
CWE-347
Связанные уязвимости
EPSS
Процентиль: 13%
0.00042
Низкий
7.5 High
CVSS3
Дефекты
CWE-347